Commit Graph

305 Commits

Author SHA1 Message Date
Maximilian Bosch
30286ebcc1
glibc: 2.31 -> 2.32
ChangeLog: https://sourceware.org/pipermail/libc-announce/2020/000029.html

Patches removed:

* `rpcgen-path.patch` is obsolete as the support for SunOS RPC has been
  removed in 2.32[1].

* The vulnerabilities CVE-2020-1752[2] & CVE-2020-10029[3] are fixed in
  `glibc-2.32`[4][5], thus applying those manually isn't necessary anymore.

I also added myself as second maintainer as I'm quite regularly doing
`glibc`-related stuff in `nixpkgs`, so let's make this situation
official.

[1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5500cdba4018ddbda7909bc7f4f9718610b43cf0
[2] https://nvd.nist.gov/vuln/detail/CVE-2020-1752
[3] https://nvd.nist.gov/vuln/detail/CVE-2020-10029
[4] Commit 9333498794cde1d5cca518badf79533a24114b6f (CVE-2020-1752)
[5] Commit ddc650e9b3dc916eab417ce9f79e67337b05035c (CVE-2020-10029)
2020-09-12 23:04:43 +02:00
Matthew Bauer
d0677e6d45 treewide: add warning comment to “boot” packages
This adds a warning to the top of each “boot” package that reads:

  Note: this package is used for bootstrapping fetchurl, and thus cannot
  use fetchpatch! All mutable patches (generated by GitHub or cgit) that
  are needed here should be included directly in Nixpkgs as files.

This makes it clear to maintainer that they may need to treat this
package a little differently than others. Importantly, we can’t use
fetchpatch here due to using <nix/fetchurl.nix>. To avoid having stale
hashes, we need to include patches that are subject to changing
overtime (for instance, gitweb’s patches contain a version number at
the bottom).
2020-07-31 08:56:53 +02:00
Maximilian Bosch
9cd98386a3
glibc: build with patches for CVE-2020-1752 & CVE-2020-10029
/cc roundup #88306
2020-06-30 14:29:54 +02:00
Maximilian Bosch
4a78b2b04f
glibc: 2.30 -> 2.31
https://lists.gnu.org/archive/html/info-gnu/2020-02/msg00001.html
2020-06-29 14:41:42 +02:00
Vladimír Čunát
3f08d642fe
glibc: patch CVE-2020-1752
/cc roundup #88306; the issue seems quite serious to me.

I also made two other patches non-conditional, as we rebuild
all platforms anyway.
2020-05-31 09:11:45 +02:00
Frederik Rietdijk
24c96b9259 Revert "Merge pull request #86954 from lovesegfault/binutils-2.34"
Pythons find_library is broken with binutils 2.34, and numpy could not import libraries because of not properly aligned ELF's.

This is the second time binutils 2.34 got reverted. Next time, we should have a dedicated Hydra job for it.

This reverts commit 629fa8a2d4, reversing
changes made to 4ddd080d19.
2020-05-23 10:18:26 +02:00
Bernardo Meurer
b83fb95a41 glibc: force OBJDUMP to cc.bintools 2020-05-09 15:21:17 -07:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Dmitry Kalinkin
6740593bdd
glibc: provide fallback for kernels with missing prlimit64
The current version of glibc implements support for kernels down to
3.2.0 (and we make sure to enable such support with apporopriate
--enable-kernel setting). The current RHEL6 operating system is based on
a maintained kernel based on 2.6.32 with lots of backports. We provide
basic support for this specific kernel by patching glibc to provide an
exception for this specific version of kernel. This allows for nixpkgs
software distribution to work on RHEL6 and it does so quite well with
almost no problems. There are, however, a few syscalls that are missing
in the 2.6.32 kernel, one of which is prlimit64. This commit provides a
fallback that uses an older {get,set}rlimit syscalls in cases when
prlimit64 is not available. This should streamline the experience for
nixpkgs users wanting to run it on RHEL6, namely, this fixes one of the
tests in findutils.

See also discussion in guix:
https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00356.html
2020-03-01 17:33:27 -05:00
Vladimír Čunát
f6519103bf
glibc: use python3Minimal instead of python3
This should improve the speed of bootstrapping process.
Cost of evaluation also decreases a bit,
but I don't expect that will be significant.
2020-02-14 13:19:00 +01:00
Vladimír Čunát
c2038483fd
glibc, openssl: unbreak cross eval (with minor caveats)
It's certainly better to have those two caveats than not evaluate.
Both seem rather niche.  Unfortunately I failed to find a better way.
I started testing builds of several cross variants; all seem OK.
2020-02-10 15:52:20 +01:00
Vladimír Čunát
5ca088f1cc
glibc/*.patch: revert no-op changes done in 447edaa3
I suppose the diff of the glibc-upgrade branch is a bit cleaner
without including these unnecessary changes.
2020-02-05 13:37:06 +01:00
Maximilian Bosch
ea8ae88f04
Merge branch 'staging' into glibc230 2020-02-01 17:42:03 +01:00
Niklas Hambüchen
8ef2c51d06 glibc: Fix build error due to warning with musl. Fixes #78805 2020-01-30 04:20:52 +01:00
Maximilian Bosch
2d5ed2b4b0 glibc: remove outdated patches
Co-authored-by: Luka Blaskovic <lblasc@znode.net>
2020-01-14 08:51:52 +00:00
Vladimír Čunát
2aea16c4d6 glibc: depend on libidn2 (and libunistring, transitively)
It's a bit hacky, but ATM I can't see any better way for glibc >= 2.28.

Signed-off-by: Luka Blaskovic <lblasc@tvbeat.com>
2020-01-14 08:27:00 +00:00
Luka Blaskovic
447edaa32f glibc: 2.27 -> 2.30 2020-01-14 08:26:58 +00:00
Andrew Childs
b5a45106ae glibc: backport fix for out of bounds access in IBM-1390 converter 2020-01-12 07:08:19 +09:00
Andrew Childs
22a8e7f13d glibc: fix cross compilation build failure (again) 2020-01-12 06:04:42 +09:00
Florian Klink
cd827f2209 Revert "glibc: fix cross compilation build failure"
This reverts commit 51014768d2.
2020-01-11 21:53:02 +01:00
Andrew Childs
51014768d2 glibc: fix cross compilation build failure 2020-01-12 03:37:07 +09:00
Andrew Childs
569f05222c glibc: remove TODO that is now done
This was preventing a mass-rebuild by returning null. As of
5f2d96ba2e it always returns a string.
2020-01-12 03:28:33 +09:00
Jan Tojnar
95a1614a9f
glibc: make NIX_CFLAGS_COMPILE a string 2019-12-31 09:16:53 +01:00
Frederik Rietdijk
6d059becd3 Merge gcc-9 into staging (#68029) 2019-12-30 16:38:38 +01:00
Robin Gloster
5f2d96ba2e
glibc: NIX_CFLAGS_COMPILE -> always string 2019-12-30 13:33:16 +01:00
Franz Pletz
77b6c3cd06
Merge remote-tracking branch 'origin/master' into gcc-9 2019-12-26 14:17:36 +01:00
Robert Scott
9234d1d6db glibc: add patch for CVE-2019-19126
including patch in-repo as it needs modification to remove the changes to
NEWS but fetchpatch doesn't work here
2019-12-10 18:51:16 +01:00
Franz Pletz
4f411338d7
glibc_memusage: fix build with gcc9 2019-11-03 14:43:36 +01:00
Niklas Hambüchen
def9d09806
Merge pull request #71480 from nh2/glibc-musl-gcc8-werror-fixes
glibc: Fix building with musl on GCC 8
2019-10-31 02:52:29 +01:00
Niklas Hambüchen
08ec575c93 glibc: Fix building with musl on GCC 8.
GCC 8 introduced new warnings that were picked up by -Werror;
this commit makes them non-errors until fixed upstream.

See

* https://github.com/NixOS/nixpkgs/pull/68244#issuecomment-544307798
* https://github.com/nh2/static-haskell-nix/issues/56

This commit takes care to not change the derivation for non-musl builds.
2019-10-30 13:29:53 +01:00
Pierre Bourdon
17be09a1f0
glibc: patch CVE-2018-11236, CVE-2018-11237
Patches have been imported into nixpkgs and manually edited to avoid
merge conflicts on ChangeLog / NEWS files.
2019-10-03 00:03:11 +02:00
Matthew Bauer
3fcc4441d7 glibc: fix cross compilation with gcc8 2019-09-16 14:00:15 -04:00
Robin Gloster
b5fa934872
glibc: fix withGd build with gcc8 2019-06-17 07:06:01 +02:00
c0bw3b
9cb260d091 [treewide] delete unused patches 2019-05-04 19:52:24 +02:00
Pierre Bourdon
03f618d9cf
glibc: re-enable stripping in cross builds
References to the host toolchain are leaking through debug symbols in
glibc, causing gnu cross-builds to always depend on the host toolchain.
The decision to not strip was made in 2012 in order to improve GNU/Hurd
support, and I suspect the reasons that justified it back then do not
apply anymore in 2019.

Closure size before:
/nix/store/v5pxj0bgg627hic2khk4d43z6cjp5v7d-hello-2.10-armv7l-unknown-linux-gnueabihf                            596.8M

After:
/nix/store/llp1ncmpar406rc2vhj7g5ix4yqwna3n-hello-2.10-armv7l-unknown-linux-gnueabihf     23.6M
2019-04-17 19:53:53 +02:00
Jörg Thalheim
467f0f9f3a
glibcLocales: also build C.UTF-8
Previously we only build C.UTF-8 as part of the locale-archive
that comes with the glibc core package.
However for consistent use of LANG=C.UTF-8 we also want support
in our glibcLocales as well.
fixes https://github.com/NixOS/nixpkgs/issues/57974
2019-03-21 06:26:07 +00:00
Michael Roitzsch
00a41ebbc1
glibc: fix cross builds on Darwin
evaluate buildPackages.glibc exclusively on Linux,
evaluating it on Darwin will lead to an unsupported platform error
2019-02-26 18:17:31 +01:00
Jörg Thalheim
ff1b945851
glibc: fix cross-build
glibc's buildsystem uses its own executables to generate locales.
This does not work for cross-compilation so instead we use localedef
from buildPackages.
2019-02-24 09:43:01 +00:00
Vladimír Čunát
32767d139f
Merge branch 'staging-next'
This round is without the systemd CVE,
as we don't have binaries for that yet.
BTW, I just ignore darwin binaries these days,
as I'd have to wait for weeks for them.
2019-02-20 09:38:45 +01:00
Michael Roitzsch
a64771d7f1 glibc: enable cross builds on Darwin
add patch file for cross compilation on Darwin
documentation of the changes is at the top of the patch file
2019-02-17 18:40:50 +01:00
Vladimír Čunát
444d073332
Revert "glibc: fix build with newer bison"
This reverts commit aa9821bbb9.
2019-01-29 12:54:04 +01:00
Vladimír Čunát
aa9821bbb9
glibc: fix build with newer bison
Fixes https://github.com/NixOS/nixpkgs/issues/54870
2019-01-29 12:42:26 +01:00
Matthew Bauer
319ebef3a3 Revert "Merge pull request #36948 from dtzWill/fix/glibc-libgcc_s"
This reverts commit 80ff19a45f, reversing
changes made to 43e867a226.
2019-01-26 20:36:42 -05:00
Matthew Bauer
80ff19a45f
Merge pull request #36948 from dtzWill/fix/glibc-libgcc_s
glibc: don't use bootstrap libgcc_s
2019-01-23 17:12:55 -05:00
Matthew Bauer
2ed8ee4b4d Merge branch 'staging' into fix/glibc-libgcc_s 2019-01-23 16:52:54 -05:00
Jörg Thalheim
d966f31f23 glibc: add support for C.utf-8 2019-01-22 22:08:44 +00:00
Jörg Thalheim
5e24fccba4 glibc: remove installLocales argument
Since we now install a sane default this should be no longer necessary.
If it is still needed, it should be easy enough to do this in an overlay.
2019-01-22 22:08:30 +00:00
c0bw3b
0498ccd076 Treewide: use HTTPS on GNU domains
HTTP -> HTTPS for :
- http://gnu.org/
- http://www.gnu.org/
- http://elpa.gnu.org/
- http://lists.gnu.org/
- http://gcc.gnu.org/
- http://ftp.gnu.org/ (except in fetchurl mirrors)
- http://bugs.gnu.org/
2018-12-02 15:51:59 +01:00
Frederik Rietdijk
63c6875f26 Merge master into staging-next 2018-11-18 10:32:12 +01:00
Will Dietz
db0abe98bf glibc: disable pie hardening, limit to musl for now 2018-11-15 21:55:08 -06:00